TCP flow recorder
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.
tcpflow is based on the LBL Packet Capture Library and therefore
supports the same rich filtering expressions that programs like
'tcpdump' support. tcpflow can also rebuild flows from data captured
with 'tcpdump -w'.
Generated by Doxygen 1.6.0 Back to index